[COLUG] effectiveness of greylisting.

[Rob Funk]

Duane wrote:
> You can't control the delay, the remote end does, I usually whitelist
> hosts that I know or do a lot of mail between,

I use postgrey for greylisting, and by default it auto-whitelists a client 
address after five successful transmissions from that client.  It's 
probably safe to reduce that to two or three.

That auto-whitelisting means that places we communicate with a lot don't 
get the delay, and I don't have to manually add to a whitelist unless the 
other end misbehaves.  I wouldn't want to do greylisting without this 
feature.

> but lately I've really 
> been trying to figure out how to do this in amavis so that if the spam
> score is under say 0 greylist, otherwise don't greylist, obviously this
> will increase my server load so maybe something a little smarter again
> where host seems spammy (or maybe just use RBLs) greylist, otherwise
> check for spam and greylist if score > 1 otherwise let em in.
>
> Anyone know how to do this?

With what MTA?

You really don't want to do it with amavis, since that requires receiving 
the DATA section before giving the greylist decision, and you want to 
have the greylist decision (and as many other decisions as possible) 
after the RCPT information.

Going by RBLs makes more sense, and I've seen it done.  (How depends on 
your MTA of course.)  I'm rather strict about greylisting and RBLs 
though; I have postfix check a list of RBLs (and local exception lists), 
reject if an RBL says they're bad, then do greylisting as the very last 
RCPT check.

I do still need to move my amavis checking into the SMTP conversation 
rather than after the message has been accepted.

-- 
==============================|   "A microscope locked in on one point
 Rob Funk <rfunk at funknet.net> |Never sees what kind of room that it's in"
 http://www.funknet.net/rfunk |    -- Chris Mars, "Stuck in Rewind"